November 6, 2015 Last Updated 4:08 pm

Economist readers warned of PageFair hack a week following attack that hit 501 websites

Windows users were told to update Adobe Flash software, but malware was installed instead allowing hacker to log passwords and other information for a brief time

The PageFair hack that occurred late last week effected a number of publishers, some now getting around to warning their readers that they may have inadvertently downloaded malware. The Economist is the latest to post a warning.

TheEco-web-screenThe hack involves PageFair, an anti-ad blocking firm that provides free analytics to publishers. On Halloween, PageFair was hacked and when readers of 501 websites clicked on the site they were presented with a notice that they needed to update their Adobe Flash software – a far to common sight for web readers. But clicking on the link would instead load malware that would that log the users passwords, takes webcam snapshots, and regularly reports back to a hacker’s server.

The malware, of course, only effects those using Windows (Mac users, stop laughing, it is unbecoming of you).

“If you are a publisher using our free analytics service, you have good reason to be very angry and disappointed with us right now. For 83 minutes last night, the PageFair analytics service was compromised by hackers, who succeeded in getting malicious javascript to execute on websites via our service, which prompted some visitors to these websites to download an executable file,” PageFair CEO Sean Blanchfield wrote in a blog post published a day after the attack. “I am very sorry that this occurred and would like to assure you that it is no longer happening.”

The malware is particularly nasty, not only for the password logging, but it appears to effect so much more.

“We have received reports that the malware in question causes unexpected behaviors in certain Microsoft products such as Word, Excel, and Outlook,” Blanchfield wrote on the second day following the attack.

The Economist today posted a warning to readers recommending that they take action.

“If you visited (or, in fact, the websites of any of its 500 other customers) at any time between Oct. 31, 23:52 GMT and 01:15 GMT, Nov. 1, using Windows OS and you do not have trusted anti-virus software installed, it is possible that malware, disguised as an Adobe update, was downloaded onto your PC,” The Economist warned readers.

The magazine placed a blue banner across its home page (see above) to notify readers. (Is the lesson here not to put Angela Merkel on your cover?)

The use of PageFair is, of course, a response to the growing use of ad-blockers by web readers. Unfortunately, the solution appears to be only turning off readers to these media outlets – though that might be just as well. After all, if publishers are not willing to end the practice of running obnoxious advertising (we’re talking about you Gannett) then a loss of web traffic should be the result. It is just a shame that other publishers, who care more about the reading experience of their web users will be effected by ad-blockers, as well.

Update: A representative of The Economist reached out to TNM this afternoon and supplied this statement:

On Oct. 31, 2015, one of’s vendors, PageFair, was hacked, affecting 501 of its publishing clients, including us. We know that the issue lasted 83 minutes before it was resolved by PageFair. We were informed on Monday morning that this had happened. We obtained a copy of the malware from PageFair in order to analyze it independently.

The specialist company we engaged, Tempest, has just informed us the software is a keylogger – a type of surveillance software that has the capability to record every keystroke made by someone who has downloaded the malware – and this may compromise a user’s personal data such as passwords and bank and credit card details. We have now taken action to inform visitors to via this page. Please note that’s own systems have not been compromised; therefore any data we hold on our customers remains secure.

The Economist takes cybersecurity extremely seriously and strives to maintain the highest level of protection for our customers.

Comments are closed.